Ethereal-dev: Re: [Ethereal-dev] Patch for Tacacs+: multiple keys

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <guy@xxxxxxxxxxxx>
Date: Sun, 19 Oct 2003 10:35:32 -0700 (PDT)
Emanuele Caratti said:
> I added to my tacacs+ dissector the possility to use multiple keys, so
> it's possible to dissect a tacacs+ stream where you have a different key
> for each client<->server communication.

Checked in, with a couple of no-longer-used true_false_string tables removed.

> If the tacplus.key is specified as <server_ip>/<client_ip>=<key> (
> multiple entry MUST be separated by a sigle space char), then this key
> is binded to the packet between server_ip and client_ip.

At some point, if we implement the ability to set per-conversation
attributes in the UI, we might want to use that mechanism for this.

By the way, why did you make this change:

-       gboolean        request=(pinfo->match_port == pinfo->destport);
+       gboolean        request=( pinfo->destport == TCP_PORT_TACACS );

The former should work even if a port other than the standard TACACS port
is being used; the latter requires that the standard TACACS port is being
used.  Is there some case where the first of those didn't work?